SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Zealot Egghead's Avatar
    Join Date
    Feb 2002
    Posts
    197
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Single and double quote escaping nightmare

    Hi folks,

    I have a problem with escaping strings. I am passing a large piece of text between pages using a form and the post method.

    Single quotes (') within the text string are escaped perfectly well but if there is a double quote ("), the text string gets cut from that point on, missing out the rest of the string and getting me very annoyed. - It seems that the single quotes are escaped but not the double quotes!

    I have tried playing with addslashes/stripslashes, but this results in too many slashes for any single quotes and for double quotes, a slash appears but the rest of the string (including the quote) still gets cut out.

    I checked the server's PHP configuration and Magic Quotes are on for get,post and cookies, [get_magic_quotes_gpc() returns a 1] and off for runtime [get_magic_quotes_runtime() returns 0]. (Since everything is being sent by post in forms, I assume text strings should be escaped properly and addslashes is unnecessary.)

    Has anybody experienced this peculiar problem before? Is there a solution?

    Regards,

    Egghead

  2. #2
    SitePoint Zealot mcahill's Avatar
    Join Date
    May 2002
    Location
    Manchaug, MA, USA
    Posts
    180
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Magic Quotes and Addslashes

    will give you wierd problems. Turn it off and try using the addslashes.

    Cheers,

    Mark

  3. #3
    SitePoint Guru
    Join Date
    Feb 2002
    Posts
    625
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is a small but very efficient function i use since a long time to pre-validate all user input. (note the pre). It should be pretty obvious how to use it.
    It will take care of your slashes problem, no matter if magic quotes is turned on or off.

    PHP Code:
    function clean($input$maxlength$allowtags 0)
    {   
        if (
    $input != '')
        {
        
            if (
    $allowtags == 0)         { $input strip_tags($input); }
            if (!
    get_magic_quotes_gpc()) { $input addslashes($input); }
            
            if (
    $maxlength != 0)
            {
                
    $input substr($input0$maxlength);
            }
            return 
    $input;
        }
        else return 
    $input '';    


    //just a small example how to use it.

    $text = isset($_POST['textfield']) != '' $_POST['textfield'] : '';
    // the number 255 will crop the input to 255 characters, change as you see fit, if you don't want it to be cropped, simply put 0.
    $text clean ($text,255); 
    Hope this helps
    Last edited by datune; Nov 7, 2002 at 18:28.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •